216.73.217.86

CVE-2024-31970

· Published 24/07/2024 16:15 · Modified 24/07/2024 17:12

Labels: CVE-2024-31970 2024-07-24CVE-2024-31970[email protected]

Essential information

Published
24/07/2024 16:15
Modified
24/07/2024 17:12
Author
Creator
CISA KEV
No
CWE

Description

AdTran SRG 834-5 HDC17600021F1 devices (with SmartOS 11.1.1.1 and fixed in Version 12.1.3.1) have SSH enabled by default, accessible both over the LAN and the Internet. During a window of time when the device is being set up, it uses a default username and password combination of admin/admin with root-level privileges. An attacker can exploit this window to gain unauthorized root access by either modifying the existing admin account or creating a new account with equivalent privileges. This vulnerability allows attackers to execute arbitrary commands.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

References